Merge "Properly handle octet (byte) strings when converting LDAP responses" into stable/train

This commit is contained in:
Zuul 2020-11-18 01:21:59 +00:00 committed by Gerrit Code Review
commit 6df6aec584
3 changed files with 30 additions and 1 deletions

View File

@ -17,6 +17,7 @@ import codecs
import os.path
import re
import sys
import uuid
import weakref
import ldap.controls
@ -94,7 +95,16 @@ def utf8_decode(value):
:raises UnicodeDecodeError: for invalid UTF-8 encoding
"""
if isinstance(value, six.binary_type):
return _utf8_decoder(value)[0]
try:
return _utf8_decoder(value)[0]
except UnicodeDecodeError:
# NOTE(lbragstad): We could be dealing with a UUID in byte form,
# which some LDAP implementations use.
uuid_byte_string_length = 16
if len(value) == uuid_byte_string_length:
return six.text_type(uuid.UUID(bytes_le=value))
else:
raise
return six.text_type(value)

View File

@ -520,6 +520,20 @@ class CommonLdapTestCase(unit.BaseTestCase):
# The user name should still be a string value.
self.assertEqual(user_name, py_result[0][1]['user_name'][0])
def test_user_id_attribute_is_uuid_in_byte_form(self):
results = [(
'cn=alice,dc=example,dc=com',
{
'cn': [b'cn=alice'],
'objectGUID': [b'\xdd\xd8Rt\xee]bA\x8e(\xe39\x0b\xe1\xf8\xe8'],
'email': [uuid.uuid4().hex],
'sn': [uuid.uuid4().hex]
}
)]
py_result = common_ldap.convert_ldap_result(results)
exp_object_guid = '7452d8dd-5dee-4162-8e28-e3390be1f8e8'
self.assertEqual(exp_object_guid, py_result[0][1]['objectGUID'][0])
class LDAPFilterQueryCompositionTest(unit.BaseTestCase):
"""These test cases test LDAP filter generation."""

View File

@ -0,0 +1,5 @@
---
fixes:
- |
[`bug 1889936 <https://bugs.launchpad.net/keystone/+bug/1889936>`_]
Properly decode octet strings, or byte arrays, returned from LDAP.